rust-api-template/src/api/backend/integrity_verification.rs

use blake3::{Hash, Hasher};

use crate::errors::ApiError;

pub trait CustomHash {
    fn updater(&self, hasher: &mut Hasher);

    fn hash(&self) -> Hash {
        let mut hasher = Hasher::new();
        Self::updater(&self, &mut hasher);
        hasher.finalize()
    }
}

pub struct IntegrityVerifier {
    mac: Hasher,
}

impl IntegrityVerifier {
    pub fn new() -> Result<Self, ApiError> {
        Ok(Self {
            mac: Hasher::new_derive_key(include_str!("./verification_secret")),
        })
    }

    pub fn sign<T>(&self, data: &T) -> Result<Hash, ApiError>
    where
        T: CustomHash,
    {
        let mut mac = self.mac.clone();

        mac.update(data.hash().as_bytes());
        let signature = mac.finalize();
        mac.reset();

        Ok(signature)
    }

    pub fn verify<T>(&self, data: &T, signature: Hash) -> Result<(), ApiError>
    where
        T: CustomHash,
    {
        let mut mac = self.mac.clone();
        mac.update(data.hash().as_bytes());
        let verify = mac.finalize();
        mac.reset();

        match verify == signature {
            true => Ok(()),
            false => Err(ApiError::AccessDenied),
        }
    }
}

#[cfg(test)]
mod test {

    use blake3::Hasher;

    use crate::api::backend::integrity_verification::{CustomHash, IntegrityVerifier};

    #[test]
    fn integrity_verification() {
        struct TestData {
            one: u32,
            two: String,
        }

        impl CustomHash for TestData {
            fn updater(&self, hasher: &mut Hasher) {
                hasher.update(&self.one.to_be_bytes());
                hasher.update(&self.two.as_bytes());
            }
        }

        let verifier = IntegrityVerifier::new().unwrap();

        let mut item = TestData {
            one: 24,
            two: "MyTesting".to_string(),
        };

        let signature = verifier.sign(&item).unwrap();
        assert!(verifier.verify(&item, signature).is_ok());

        item.two = "Wrong".to_string();
        assert!(verifier.verify(&item, signature).is_err());
    }
}
switched to blake3 2025-05-31 15:57:05 +00:00			`use blake3::{Hash, Hasher};`
changes 2025-05-04 20:17:09 +00:00
			`use crate::errors::ApiError;`

			`pub trait CustomHash {`
switched to blake3 2025-05-31 15:57:05 +00:00			`fn updater(&self, hasher: &mut Hasher);`
changes 2025-05-04 20:17:09 +00:00
switched to blake3 2025-05-31 15:57:05 +00:00			`fn hash(&self) -> Hash {`
			`let mut hasher = Hasher::new();`
changes 2025-05-04 20:17:09 +00:00			`Self::updater(&self, &mut hasher);`
switched to blake3 2025-05-31 15:57:05 +00:00			`hasher.finalize()`
changes 2025-05-04 20:17:09 +00:00			`}`
			`}`

			`pub struct IntegrityVerifier {`
switched to blake3 2025-05-31 15:57:05 +00:00			`mac: Hasher,`
changes 2025-05-04 20:17:09 +00:00			`}`

			`impl IntegrityVerifier {`
			`pub fn new() -> Result<Self, ApiError> {`
			`Ok(Self {`
switched to blake3 2025-05-31 15:57:05 +00:00			`mac: Hasher::new_derive_key(include_str!("./verification_secret")),`
changes 2025-05-04 20:17:09 +00:00			`})`
			`}`

switched to blake3 2025-05-31 15:57:05 +00:00			`pub fn sign<T>(&self, data: &T) -> Result<Hash, ApiError>`
changes 2025-05-04 20:17:09 +00:00			`where`
			`T: CustomHash,`
			`{`
			`let mut mac = self.mac.clone();`

switched to blake3 2025-05-31 15:57:05 +00:00			`mac.update(data.hash().as_bytes());`
			`let signature = mac.finalize();`
			`mac.reset();`
changes 2025-05-04 20:17:09 +00:00
switched to blake3 2025-05-31 15:57:05 +00:00			`Ok(signature)`
changes 2025-05-04 20:17:09 +00:00			`}`

switched to blake3 2025-05-31 15:57:05 +00:00			`pub fn verify<T>(&self, data: &T, signature: Hash) -> Result<(), ApiError>`
changes 2025-05-04 20:17:09 +00:00			`where`
			`T: CustomHash,`
			`{`
			`let mut mac = self.mac.clone();`
switched to blake3 2025-05-31 15:57:05 +00:00			`mac.update(data.hash().as_bytes());`
			`let verify = mac.finalize();`
			`mac.reset();`
changes 2025-05-04 20:17:09 +00:00
switched to blake3 2025-05-31 15:57:05 +00:00			`match verify == signature {`
			`true => Ok(()),`
			`false => Err(ApiError::AccessDenied),`
changes 2025-05-04 20:17:09 +00:00			`}`
			`}`
			`}`

			`#[cfg(test)]`
			`mod test {`
switched to blake3 2025-05-31 15:57:05 +00:00
			`use blake3::Hasher;`
changes 2025-05-04 20:17:09 +00:00
			`use crate::api::backend::integrity_verification::{CustomHash, IntegrityVerifier};`

			`#[test]`
			`fn integrity_verification() {`
			`struct TestData {`
			`one: u32,`
			`two: String,`
			`}`

			`impl CustomHash for TestData {`
switched to blake3 2025-05-31 15:57:05 +00:00			`fn updater(&self, hasher: &mut Hasher) {`
changes 2025-05-04 20:17:09 +00:00			`hasher.update(&self.one.to_be_bytes());`
			`hasher.update(&self.two.as_bytes());`
			`}`
			`}`

			`let verifier = IntegrityVerifier::new().unwrap();`

			`let mut item = TestData {`
			`one: 24,`
			`two: "MyTesting".to_string(),`
			`};`

			`let signature = verifier.sign(&item).unwrap();`
switched to blake3 2025-05-31 15:57:05 +00:00			`assert!(verifier.verify(&item, signature).is_ok());`
changes 2025-05-04 20:17:09 +00:00
			`item.two = "Wrong".to_string();`
switched to blake3 2025-05-31 15:57:05 +00:00			`assert!(verifier.verify(&item, signature).is_err());`
changes 2025-05-04 20:17:09 +00:00			`}`
			`}`